The State of the Internet / Retail Attacks and API Traffic report was released by Akamai. During the second half of 2018, roughly 28 billion credential stuffing attempts have been detected, with retail websites being the main target of credential abuse with 10 billion attempts. The United States led the pack when it comes to credential stuffing source traffic, followed by Russia, Canada, Brazil, and India. Credential abuse also targeted the financial sector with 1.08 billion attempts against organizations from the financial services industry.
Source: https://www.bleepingcomputer.com/news/security/28-billion-credential-stuffing-attempts-during-second-half-of-2018/